Compliance
Within the GRC cycle, how can IT security compliance be best described?
Answer Question
| December 5, 2012 6:57 PM
Compliance, IT security
Within the GRC cycle, how can IT security compliance be best described?
Answer Question
| December 5, 2012 6:57 PM
Compliance, IT security
Power Point 2003 vs. 2007 PCI DSS Compliance
Would migrating to Power Point Viewer 2007 change PCI DSS compliance in any way if all patches were applied to 2007? i.e., does the newer version bring anything like ActiveX into the picture?
Answer Question
| April 18, 2011 4:48 PM
ActiveX, Compliance, PCI DSS, PowerPoint 2003, Windows Server 2003
Would migrating to Power Point Viewer 2007 change PCI DSS compliance in any way if all patches were applied to 2007? i.e., does the newer version bring anything like ActiveX into the picture?
Answer Question
| April 18, 2011 4:48 PM
ActiveX, Compliance, PCI DSS, PowerPoint 2003, Windows Server 2003
Open IT Forum: How do you raise awareness for security compliance in the enterprise?
We’ve gotten your opinions on network security from the hardware and software side, but now we want to know what you’re doing for compliance. From what your compliance policies are to the creative ways you raise awareness about those policies, share your stories and you might get 100 knowledge points in time for the final [...]
Answer Question
| December 17, 2010 5:48 PM
Compliance, compliance management, Network security, Network Security Management, Network Security Policies, Open IT Forum, Security compliance
We’ve gotten your opinions on network security from the hardware and software side, but now we want to know what you’re doing for compliance. From what your compliance policies are to the creative ways you raise awareness about those policies, share your stories and you might get 100 knowledge points in time for the final [...]
Answer Question
| December 17, 2010 5:48 PM
Compliance, compliance management, Network security, Network Security Management, Network Security Policies, Open IT Forum, Security compliance
FINRA Guide to IT Compliance
I am looking to set up a whole new network infrastructure for an Investment Bank – DATA and VOICE – covering ALL of their devices – onsite and remote. Does FINRA or anyone for that matter a publish a comprehensive guide with rules and regulations?
Answer Question
| December 14, 2010 5:20 PM
Compliance, FINRA compliance, Infrastructure management, Infrastructure services, Network infrastructure
I am looking to set up a whole new network infrastructure for an Investment Bank – DATA and VOICE – covering ALL of their devices – onsite and remote. Does FINRA or anyone for that matter a publish a comprehensive guide with rules and regulations?
Answer Question
| December 14, 2010 5:20 PM
Compliance, FINRA compliance, Infrastructure management, Infrastructure services, Network infrastructure
Creating abuse and postmaster exchange account
How do I create an abuse and a postmaster exchange account to be in compliance? I am using Exchange 2003 and Outlook 2007.
Answer Question
| November 8, 2010 3:33 PM
Compliance, Exchange 2003, Exchange 2003 security, Exchange security, Outlook 2007, POSTMASTER
How do I create an abuse and a postmaster exchange account to be in compliance? I am using Exchange 2003 and Outlook 2007.
Answer Question
| November 8, 2010 3:33 PM
Compliance, Exchange 2003, Exchange 2003 security, Exchange security, Outlook 2007, POSTMASTER
Compliance SOX certification
Hello, I’m looking to acquiring SOX certification. Are there any additional compliance certifications that your would recommend and through which vendor?
Answer Question
| September 28, 2010 12:32 PM
CIO, Compliance, IT certification, IT Compliance, SOX, SOX compliance
Hello, I’m looking to acquiring SOX certification. Are there any additional compliance certifications that your would recommend and through which vendor?
Answer Question
| September 28, 2010 12:32 PM
CIO, Compliance, IT certification, IT Compliance, SOX, SOX compliance
Unified Communications product qualification flow
I want to know how to build a set of UC product,like Plantronics UC wireless headset system voyager Pro UC. Maybe the product adapt to Microsoft® Office Communicator 2007. My question is: How to qualify this product? Must it get some UC qualifications? Is there some UC compliance? What’s the compliance flow? Thanks.
Answer Question
| September 16, 2010 1:59 AM
Compliance, Microsoft Office Communicator, Microsoft Office Communicator 2007 R2, Unified Communications, Unified Communications Hardware
I want to know how to build a set of UC product,like Plantronics UC wireless headset system voyager Pro UC. Maybe the product adapt to Microsoft® Office Communicator 2007. My question is: How to qualify this product? Must it get some UC qualifications? Is there some UC compliance? What’s the compliance flow? Thanks.
Answer Question
| September 16, 2010 1:59 AM
Compliance, Microsoft Office Communicator, Microsoft Office Communicator 2007 R2, Unified Communications, Unified Communications Hardware
System Administrators Access in a HR/Payroll System
Hi I have taksed to define the access rights for sys admins for a HR/Payroll system. The thoughts are divided among the groups here – one, the segretion of duties that should limit any type of user to perform tasks end to end since this is a payroll system; two since it is a sys [...]
Answer Question
| August 23, 2010 2:05 PM
Access Rights, Administration tools, Administrator account, Compliance, Security, System administrator
Hi I have taksed to define the access rights for sys admins for a HR/Payroll system. The thoughts are divided among the groups here – one, the segretion of duties that should limit any type of user to perform tasks end to end since this is a payroll system; two since it is a sys [...]
Answer Question
| August 23, 2010 2:05 PM
Access Rights, Administration tools, Administrator account, Compliance, Security, System administrator
TAPI
Is quick books TAPI compliant?
Answer Question
| March 16, 2010 5:05 PM
API, Compliance, TAPI, Telephony
Is quick books TAPI compliant?
Answer Question
| March 16, 2010 5:05 PM
API, Compliance, TAPI, Telephony
Is it practical to track all changes to our infrastructure at every level for compliance?
For compliance reasons, we need to track all changes to our infrastructure at nearly every level (physical, software/patches, and policy changes). Is this practical? This question was asked during the Microsoft System Center live chat on IT Knowledge Exchange in January 2010.
Answer Question
| March 4, 2010 2:12 PM
Compliance, Infrastructure management, Microsoft System Center, System Center
For compliance reasons, we need to track all changes to our infrastructure at nearly every level (physical, software/patches, and policy changes). Is this practical? This question was asked during the Microsoft System Center live chat on IT Knowledge Exchange in January 2010.
Answer Question
| March 4, 2010 2:12 PM
Compliance, Infrastructure management, Microsoft System Center, System Center
Can SCCM interact with our online SA agreements and assist with licensing compliance?
I had heard that SCCM can interact with our online SA agreements and assist with licensing compliance, is this true? This question was asked during the Microsoft System Center live chat on IT Knowledge Exchange in January 2010.
Answer Question
| March 2, 2010 3:48 PM
Compliance, Licensing, Microsoft System Center, SCCM, System Center, System Center Configuration Manager
I had heard that SCCM can interact with our online SA agreements and assist with licensing compliance, is this true? This question was asked during the Microsoft System Center live chat on IT Knowledge Exchange in January 2010.
Answer Question
| March 2, 2010 3:48 PM
Compliance, Licensing, Microsoft System Center, SCCM, System Center, System Center Configuration Manager
508 Compliance Testing Tool
I’ve already searched on the forums, and searched posts relating to 508 compliant testing. My question is, how reliable are the free websites that check your website? I’m looking for a simple tool that could be used to test web-based training for 508 compliance. Anybody have any recommendations?
Answer Question
| January 24, 2010 8:43 PM
Compliance, PEN testing, Security compliance
I’ve already searched on the forums, and searched posts relating to 508 compliant testing. My question is, how reliable are the free websites that check your website? I’m looking for a simple tool that could be used to test web-based training for 508 compliance. Anybody have any recommendations?
Answer Question
| January 24, 2010 8:43 PM
Compliance, PEN testing, Security compliance
Expectations from a compliance mapping project?
What is the by product you’d expect from a firm that promises to come in to your organization to conduct a compliance mapping of all your regulatory controls?
Answer Question
| July 24, 2009 3:49 PM
Compliance, Compliance mapping
What is the by product you’d expect from a firm that promises to come in to your organization to conduct a compliance mapping of all your regulatory controls?
Answer Question
| July 24, 2009 3:49 PM
Compliance, Compliance mapping
Outside vendor located on premises
We have an outside vendor located on our premises making credit card sales. If they are not PCI compliant, and/or if their data becomes compromised, what is our liability, considering it will be our shared customer who is affected?
Answer Question
| February 23, 2009 12:03 AM
Compliance, IT Compliance, Payment Card Industry Data Security Standard, PCI compliance
We have an outside vendor located on our premises making credit card sales. If they are not PCI compliant, and/or if their data becomes compromised, what is our liability, considering it will be our shared customer who is affected?
Answer Question
| February 23, 2009 12:03 AM
Compliance, IT Compliance, Payment Card Industry Data Security Standard, PCI compliance
What is the best way to implement a risk assessment in an IT department that will align COBIT controls with risks?
A compliance officer in Europe could use some advice from fellow IT professionals and executives. His IT budget is being scrutinized, as is the case in every organization in 2009; he needs targets to get things done more efficiently but without taking on more risk. His department is evaluating benchmarking IT application controls as a [...]
Answer Question
| March 23, 2009 6:04 PM
COBIT, Compliance, IT Compliance, regulatory compliance, Risk assessment, Risk management
A compliance officer in Europe could use some advice from fellow IT professionals and executives. His IT budget is being scrutinized, as is the case in every organization in 2009; he needs targets to get things done more efficiently but without taking on more risk. His department is evaluating benchmarking IT application controls as a [...]
Answer Question
| March 23, 2009 6:04 PM
COBIT, Compliance, IT Compliance, regulatory compliance, Risk assessment, Risk management
Oracle licensing: I need the documents related with the file F0092
Needs to identify named users in JDE World and One World to ensure compliance with Oracle Licenses. A user may have multiple profiles in multiple environments which in Oracle’s eyes would be counted as one named user We are looking at using the following fields to capture a unique identifier that is associated with a [...]
Answer Question
| December 12, 2008 10:32 AM
Compliance, F0092, JD EDWARDS, JD Edwards OneWorld, JDE World, OneWorld, Oracle compliance, Oracle licensing, ULUL24, ULUL25
Needs to identify named users in JDE World and One World to ensure compliance with Oracle Licenses. A user may have multiple profiles in multiple environments which in Oracle’s eyes would be counted as one named user We are looking at using the following fields to capture a unique identifier that is associated with a [...]
Answer Question
| December 12, 2008 10:32 AM
Compliance, F0092, JD EDWARDS, JD Edwards OneWorld, JDE World, OneWorld, Oracle compliance, Oracle licensing, ULUL24, ULUL25
PCI Compliance in an iSeries Network Environment – Request for advice and direction
We’re trying to comply with the Payment Card Industry’s PCI DSS requirements. We have a home-grown ERP system running on an IBM iSeries computer that stores and processes credit cards taken over the phone and by mail. We also have a website hosted on another iSeries computer. The site uses a Websphere Commerce v. 6 [...]
Answer Question
| November 12, 2009 12:43 PM
Compliance, iSeries, PCI, WebSphere Commerce
We’re trying to comply with the Payment Card Industry’s PCI DSS requirements. We have a home-grown ERP system running on an IBM iSeries computer that stores and processes credit cards taken over the phone and by mail. We also have a website hosted on another iSeries computer. The site uses a Websphere Commerce v. 6 [...]
Answer Question
| November 12, 2009 12:43 PM
Compliance, iSeries, PCI, WebSphere Commerce
SAS70
When benchmarking a SAS70 audit to determine if the necessary controls were audited, what standards do you use as guidance to determine the controls to be tested and the control objectives? Does IT rely on internal audit for guidance or do you have your IT processes documented?
Answer Question
| June 25, 2008 5:13 AM
Auditing, Compliance, Risk analysis, SAS 70
When benchmarking a SAS70 audit to determine if the necessary controls were audited, what standards do you use as guidance to determine the controls to be tested and the control objectives? Does IT rely on internal audit for guidance or do you have your IT processes documented?
Answer Question
| June 25, 2008 5:13 AM
Auditing, Compliance, Risk analysis, SAS 70
email data retention laws
are inter-department email groups in a multinational bank subject to any US/UK financial regulation on data retention times..e.g. emails sent to a IT department’s group mailbox which recieves requests from other departments in the organisation…e.g. legal restore requests, trader restore requests..etc..is the email mailbox required to be backed up and kept for any period of [...]
Answer Question
| January 31, 2008 2:56 PM
Compliance, Laws, Regulations, standards
are inter-department email groups in a multinational bank subject to any US/UK financial regulation on data retention times..e.g. emails sent to a IT department’s group mailbox which recieves requests from other departments in the organisation…e.g. legal restore requests, trader restore requests..etc..is the email mailbox required to be backed up and kept for any period of [...]
Answer Question
| January 31, 2008 2:56 PM
Compliance, Laws, Regulations, standards
Selecting an area within security to start
Hi, I’m studying for an MSc in Information Security from Royal Holloway University of London, I have a B.Engg. degree in computers and a PG Diploma in Networking and Communication as well as the CCSA and CCNA. I’m also studying for the CISSP. Now, with all these qualifications, could you please tell me which would [...]
Answer Question
| June 25, 2008 4:06 PM
Access control, Application security, Biometrics, Browsers, Career development, CCNA, CCSA, Certifications, CISSP, Compliance, configuration, CRM, Current threats, Database, Digital certificates, Disaster Recovery, Encryption, Exchange, Firewalls, Forensics, Hacking, Identity & Access Management, Incident response, Intrusion management, MCSE, Network security, Networking, patching, PEN testing, Platform Security, Policies, Risk management, Secure Coding, Security, Security Program Management, Spyware, SSL/TLS, Trojans, Viruses, VPN, vulnerability management, Web security, Wireless, worms
Hi, I’m studying for an MSc in Information Security from Royal Holloway University of London, I have a B.Engg. degree in computers and a PG Diploma in Networking and Communication as well as the CCSA and CCNA. I’m also studying for the CISSP. Now, with all these qualifications, could you please tell me which would [...]
Answer Question
| June 25, 2008 4:06 PM
Access control, Application security, Biometrics, Browsers, Career development, CCNA, CCSA, Certifications, CISSP, Compliance, configuration, CRM, Current threats, Database, Digital certificates, Disaster Recovery, Encryption, Exchange, Firewalls, Forensics, Hacking, Identity & Access Management, Incident response, Intrusion management, MCSE, Network security, Networking, patching, PEN testing, Platform Security, Policies, Risk management, Secure Coding, Security, Security Program Management, Spyware, SSL/TLS, Trojans, Viruses, VPN, vulnerability management, Web security, Wireless, worms
